
RSA's Anti-Fraud Command Center (AFCC) discovered an internet forum populated by fraudsters that is offering a set of tools to create a man-in-the-middle scheme, according to a company news release.

The kit allows would-be attackers to create a bogus URL that communicates with both the end user and the legitimate website in real time, the release said. The scammer must first dupe the user into visiting the spoofed site.

These so-called universal phishing kits allow users to configure their attacks to take advantage of any target website, according to the release.

What makes man-in-the-middle attacks so troubling to security experts is that they allow hackers to continue to steal credentials even after the account holder has logged in, thus permitting the attacker to make an immediate financial transaction. In addition, because the fake site is communicating with the real one, it will alert users when they have incorrectly entered their login details - thus enhancing the apparent legitimacy of the scam.

Experts have said mutual authentication - in which both the client browser and the website must validate themselves to each other - needs to be implemented to protect against this new style of attack. Two-factor authentication alone won't cut it, because a one-time code typed into the bogus site can be relayed to the real one just like the password.
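The following added example (not code from the article or from RSA) makes the previous paragraph concrete by contrasting a relayable one-time code with a login response that is bound to the origin the user's browser is actually on, which is the principle behind origin-bound authenticators and goes slightly beyond the article's general notion of mutual authentication. The origins, the shared device key and the HMAC-based scheme are all constructed for illustration. A real-time relay can forward the challenge and the response unchanged, but it cannot change the origin that the browser hands to the authenticator, so the real site's verification fails whenever the user was not on the genuine URL.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the article).
REAL_ORIGIN = "https://bank.example"          # the legitimate site
PHISH_ORIGIN = "https://bank-login.example"   # the attacker's bogus URL
# Hypothetical secret shared between the user's authenticator and the real
# site at enrollment time.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def new_challenge() -> bytes:
    """Server side: a fresh random challenge for each login attempt."""
    return secrets.token_bytes(16)


def client_respond(key: bytes, challenge: bytes, browser_origin: str) -> bytes:
    """Client side: the response covers the origin the browser is really on,
    which the page content cannot spoof."""
    msg = challenge + browser_origin.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute with the site's OWN origin; a response computed
    for any other origin will not match."""
    msg = challenge + REAL_ORIGIN.encode()
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def origin_bound_login(browser_origin: str, key: bytes = DEVICE_KEY) -> bool:
    """Model one login where the user may be on the real site or on a
    real-time relay. The relay forwards challenge and response verbatim;
    only browser_origin differs between the two cases."""
    challenge = new_challenge()                      # issued by the real site
    response = client_respond(key, challenge, browser_origin)
    return server_verify(key, challenge, response)   # real site checks it


def otp_login(browser_origin: str, code: str = "123456", expected: str = "123456") -> bool:
    """Contrast: a one-time code carries no notion of origin, so a code the
    user types into the bogus site verifies just as well once relayed."""
    return secrets.compare_digest(code, expected)


if __name__ == "__main__":
    for origin in (REAL_ORIGIN, PHISH_ORIGIN):
        print(f"{origin:32} otp={otp_login(origin)} "
              f"origin_bound={origin_bound_login(origin)}")
```

Running the block prints that the one-time code succeeds from both origins while the origin-bound response succeeds only from the genuine one. A deployment would replace the shared HMAC key with a per-site key pair and have the browser, not page script, supply the origin, but the property demonstrated is the same.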

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan, director of marketing in the Consumer Solutions division at RSA. "While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12 to 18 months."

Sounds like a big part of it would be some script to spider enough of the target site to make a reasonable facsimile, and some scripts to rework forms so that their input is logged and the user is redirected back to the real site.